[Ltb-users] Password was refused by the LDAP directory

Clément OUDOT clem.oudot at gmail.com
Fri Sep 19 12:34:33 CEST 2014

2014-09-19 12:06 GMT+02:00 Robert Ludvik <robert.ludvik at zd-lj.si>:

> Hi.


> I use LDAP server 389-ds, version 1.2 (http://www.port389.org/) and Samba
> 3.
> I set up LTB and it works fine - I can change userPassword as well as
> Samba password.
> Our security requests are that users should not reuse last 5 passwords.
> This cannot be set up with LTB, AFAIK, but should be set in LDAP server.
Right, password history can be managed in LDAP server.

> If I enable password syntax checking in 389-ds Admin console like this:
> http://snag.gy/aqdCn.jpg

Well, this has nothing to do with password history, you configured here
syntax checking.

> the LTB continue to report "Password was refused by the LDAP directory"
> even if I enter new password within these requests. I found out it reports
> LDAP error 19:
> (Indicates that the attribute value specified in a modify, add, or modify
> DN operation violates constraints placed on the attribute. The constraint
> can be one of size or content (string only, no binary).)

As you said, the LDAP server refuses the password.

> But, I can change password via Windows Ctrl-Alt-Del -> Change password.

I think the password is changed on AD, not on 389 server.

> Can someone please help me with this /point to what could be wrong?
> My LTB conf settings:
> http://ur1.ca/i7omf

Sounds good.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20140919/be789a2d/attachment.htm>

More information about the ltb-users mailing list